Hardening: Declare content of /usr/lib/grub as firmware files

This folder contains the neccessary files, which are written to
the MBR, dealing with EFI, or loading additional required grub
modules unless the whole grub menu can be displayed or a selected
OS will start up.

Some of these files are 32bit ELF files or do not have SSP etc.

So I would suggest to mark them as firmware files and therefore
skip some of the hardening tests.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/src/libpakfire/file.c b/src/libpakfire/file.c
index 33e26fea8723acbfa27d1b7f9f646d7b9bedde48..819587ef0138f20042a1b65f13044c2640a473ba 100644 (file)
--- a/src/libpakfire/file.c
+++ b/src/libpakfire/file.c
@@ -1509,6 +1509,7 @@ static const struct pattern {
        { "*.pm", PAKFIRE_FILE_PERL },
        { "*.pc", PAKFIRE_FILE_PKGCONFIG },
        { "/usr/lib/firmware/*", PAKFIRE_FILE_FIRMWARE },
+       { "/usr/lib/grub/*", PAKFIRE_FILE_FIRMWARE },
        { "/usr/lib*/ld-*.so*", PAKFIRE_FILE_RUNTIME_LINKER },
        { NULL },
 };